Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online

Introduction

In this article, we will explore how to create a Power Automate flow that breaks permission inheritance on a SharePoint list item, removes the existing item-level permissions, and sets new list item-level permissions in SharePoint Online.

In the previous article, we explored how to break inheritance on SharePoint list items and add roles. This article follows the same steps to break inheritance, and then shows how to remove the existing permissions and set new list item-level permissions in SharePoint Online.

Issues

If your group already has permissions on the item, adding a role assignment simply adds the new permission on top of the existing one.

For example, if we add Read permission on a list item and the SharePoint group already has Edit permission, the Edit permission is not removed: the group ends up with both Edit and Read permissions, which is more access than intended.

Solutions

We can give a SharePoint list item unique item-level permissions by following the points and steps below.

We will check each one in turn:

  1. Break inheritance on list item-level List
  2. Remove list item level roles (permission)
  3. Add list item-level roles (new permissions)

Break inheritance on list item-level List

To define custom permissions at the list item level, we first have to break role inheritance on the item. This does not change who has access; it only turns the current users' permissions from 'inherited' into 'specified' (unique) permissions on the item.

We will see step-by-step how to implement it with Power Automate. The REST call to break inheritance on a single item is sent as an HTTP POST:

http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle('[LIST_TITLE]')/items([ItemID])/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)

As you can see, the URL has "copyRoleAssignments=true". When set to true, the parent's roles/permissions are copied onto the item (which is why the group still holds its old permission and must be removed in the next step); when set to false, the parent's roles/permissions are not copied. "clearSubscopes=true" resets any unique permissions that already exist below this scope.

Remove list item-level list role (Permission)

Then send the following REST call (HTTP POST) to remove the group's role assignment from the list item:

http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle('[LIST_TITLE]')/items([ItemID])/roleassignments/removeroleassignment(principalid=[Group_PRINCIPAL_ID])

Add list item-level roles (new permissions)

Then send the following REST call (HTTP POST) to add the new role assignment to the list item:

http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle('[LIST_TITLE]')/items([ItemID])/roleassignments/addroleassignment(principalid=[GROUP_ID/User_ID],roledefid=[ROLE_ID])

The step-by-step Flow action to build

We have created an Employee Information list in which a new candidate's information is added and submitted to the HR Approval group for approval. After approval, the HR Approval group is assigned Read permission on the item.

Step 1

Open Power Automate and log in with your Office 365 account.

We start with a blank canvas and build the Flow ourselves. Click the + New button and select "Automated – from blank", following the numbered points shown in the screenshot.

Provide a name and choose the trigger that will start the Flow. In our case, this is "When an item is created or modified". Then click the Create button, following the numbered points shown in the screenshot.

Enter the site address (URL) and select the list on which you want this Flow to run.

Step 2

We initialize two variables: one for the list name and one for the HR group's principal ID.

Step 3

In this step, we check whether the HR Approval group has approved the employee information request by reading its approval status.

If the Approval Status is Approved, we start the process of removing the existing permission and setting the new permission for the HR Approval group. First, we break inheritance on the approved list item:

After breaking inheritance, we send an HTTP request to get the HR Approval group's principal ID using the REST API, as shown in the screen below:

Set the HR Approval group's principal ID into the GroupPrincipalID variable:

In the steps below, we first remove the HR Approval group's item-level permission and then set Read permission for the same group on the list item.

To assign item-level permission, we need the role definition IDs. Here are a few of the out-of-the-box IDs:

Role Definition Name    Role Definition Id
Full Control            1073741829
Design                  1073741828
Edit                    1073741830
Contribute              1073741827
Read                    1073741826
View Only               1073741924
Limited Access          1073741825
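As an added example (not part of the article or its flow), the script below plans the same sequence of REST calls the flow sends for one list item, using the article's role definition IDs. It reads the item's current role assignments (constructed sample data here, standing in for GET .../roleassignments?$expand=Member,RoleDefinitionBindings), breaks inheritance only when needed, and removes the group's old binding before adding Read, so the Edit + Read problem from the Issues section cannot occur; the site URL, list title and IDs are invented placeholders.

```python
# Added example (not the article's flow): plan the SharePoint REST calls that
# leave one group with exactly one role on a list item. Runs offline on
# constructed sample data; site URL, IDs and titles are invented placeholders.

# Out-of-the-box role definition IDs listed in the article.
ROLE_DEF_IDS = {"Full Control": 1073741829, "Design": 1073741828,
                "Edit": 1073741830, "Contribute": 1073741827, "Read": 1073741826,
                "View Only": 1073741924, "Limited Access": 1073741825}

# Constructed sample: item metadata plus the result of
# GET .../items(7)/roleassignments?$expand=Member,RoleDefinitionBindings
SAMPLE_ITEM = {"Id": 7, "HasUniqueRoleAssignments": False}
SAMPLE_ASSIGNMENTS = [
    {"PrincipalId": 12, "Member": {"Title": "HR Approval Group"},
     "RoleDefinitionBindings": [{"Id": 1073741830, "Name": "Edit"}]},
    {"PrincipalId": 3, "Member": {"Title": "Site Owners"},
     "RoleDefinitionBindings": [{"Id": 1073741829, "Name": "Full Control"}]},
]

def item_url(site, list_title, item_id):
    # A single quote inside an OData string literal is escaped by doubling it.
    safe_title = list_title.replace("'", "''")
    return f"{site}/_api/web/lists/getByTitle('{safe_title}')/items({int(item_id)})"

def plan_item_permissions(site, list_title, item, assignments, principal_id, role_name):
    """Return the ordered (method, url) calls so that `principal_id` ends up with
    exactly `role_name` on the item. Steps already in place are skipped, so the
    plan is safe to re-run from a 'created or modified' trigger."""
    base = item_url(site, list_title, item["Id"])
    role_id = ROLE_DEF_IDS[role_name]
    calls = []
    if not item["HasUniqueRoleAssignments"]:
        calls.append(("POST", base + "/breakroleinheritance(copyRoleAssignments=true,clearSubscopes=true)"))
    current = next((a for a in assignments if a["PrincipalId"] == principal_id), None)
    bound = {b["Id"] for b in current["RoleDefinitionBindings"]} if current else set()
    if bound == {role_id}:
        return calls  # already exactly the wanted role: nothing to remove or add
    if bound:
        # addroleassignment is additive (the Edit + Read problem), so remove first.
        calls.append(("POST", base + f"/roleassignments/removeroleassignment(principalid={principal_id})"))
    calls.append(("POST", base + f"/roleassignments/addroleassignment(principalid={principal_id},roledefid={role_id})"))
    return calls

if __name__ == "__main__":
    for method, url in plan_item_permissions("https://contoso.sharepoint.com/sites/hr",
                                             "Employee Information", SAMPLE_ITEM,
                                             SAMPLE_ASSIGNMENTS, 12, "Read"):
        print(method, url)
```

Each planned call maps onto one "Send an HTTP request to SharePoint" action in the flow, and the item's HasUniqueRoleAssignments flag is what decides whether the break-inheritance action runs at all.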

Output

Before Approval Status: (screenshot)

After Approval Status: (screenshot)